CVE-2024-29375: CSV Injection in Addactis IBNRS 3.10.3.107

CSV-Injection-PoC

CVSS vector: AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:L
CVSS: 7.1, Impact Score: 5.3, Exploitation Score: 1.3
Affected Components: Project Description, Identifiers, Custom Triangle Name (inside Input Triangles) and Yield Curve Name parameters

[newpoc1] Screenshot 1: Injecting an Excel Formula as Project Description in order to Open Notepad

[newpoc2] Screenshot 2: Saving the Malicious IBNRS Project that Contains the Formula as csv_injection_poc.ibnrs

[newpoc3] Screenshot 3: Displaying the Saved File Location from Addactis IBNRS

[newpoc4] Screenshot 4: Opening an Empty Excel Document

[newpoc5] Screenshot 5: Exporting the Malicious .ibnrs File via the Add-ins Tab in Excel

[newpoc6] Screenshot 6: Waiting for the File to be Loaded

[newpoc7] Screenshot 7: OS Command Execution Request after Exporting the IBNRS Project with the Malicious Formula

[newpoc8] Screenshot 8: Successfully Opening Notepad and Observing that the Project Description is Interpreted as an Excel Formula

[newpoc9] Screenshot 9: Displaying the Injected Excel Formula in the Project Description Cell
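The defensive counterpart to the export step shown above, as an added example that is not part of this PoC repository or of Addactis IBNRS: a CSV writer that neutralizes formula-like cells in the affected field names before export, plus a scanner that flags such cells in an existing export. Field names and row values are constructed for illustration.

```python
import csv
import io

# Leading characters Excel and other spreadsheets interpret as the start of
# a formula; tab and newline are included because they can precede one.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r", "\n")

# Constructed sample rows shaped after the affected IBNRS fields.
SAMPLE_ROWS = [
    {"Project Description": "=SUM(A1:A2)",   # formula-like text
     "Identifier": "MTPL-2023",
     "Custom Triangle Name": "Paid claims",
     "Yield Curve Name": "+2% flat"},        # legitimate but formula-like
    {"Project Description": "Fire portfolio",
     "Identifier": "FIRE-2023",
     "Custom Triangle Name": "Incurred",
     "Yield Curve Name": "EIOPA RFR"},
]

def is_formula_like(value):
    """True if a spreadsheet would treat this cell text as a formula."""
    return isinstance(value, str) and value.lstrip(" ").startswith(FORMULA_TRIGGERS)

def neutralize_cell(value):
    """Prefix formula-like text with an apostrophe so it is read as text.

    Excel treats a leading apostrophe as a text marker; QUOTE_ALL in the
    writer then doubles embedded quotes so the cell cannot be broken apart.
    """
    return "'" + value if is_formula_like(value) else value

def export_project_csv(rows, neutralize=True):
    """Serialize rows to CSV text, neutralizing formula-like cells by default."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=list(rows[0]), quoting=csv.QUOTE_ALL)
    writer.writeheader()
    for row in rows:
        writer.writerow({k: neutralize_cell(v) if neutralize else v
                         for k, v in row.items()})
    return buf.getvalue()

def find_formula_cells(csv_text):
    """Detection helper: (row, column, value) for every formula-like cell."""
    hits = []
    for n, row in enumerate(csv.DictReader(io.StringIO(csv_text)), start=1):
        for col, val in row.items():
            if is_formula_like(val):
                hits.append((n, col, val))
    return hits
```

Prefixing values that start with "+" or "-" also alters legitimate text such as signed numbers, so apply the rule to free-text fields rather than numeric columns; some spreadsheet applications display the apostrophe after import.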